利用 Jamf 在企业环境中进行红队演练.pdf

1、#BHUSA BlackHatEventsLeveraging Jamf for Red Teaming in Leveraging Jamf for Red Teaming in Enterprise EnvironmentsEnterprise EnvironmentsByLance Cain and Daniel Mayer#BHUSA BlackHatEventsLance and DanLance Cain Service Architect at SpecterOps Inc.macOS Security Researcher Red Teaming and Pentest Lea

2、d Jamf Exploitation EnthusiastDaniel Mayer Senior Consultant at SpecterOps Inc.Ex-Senior Security Researcher at CrowdStrike Hobbyist free-to-play game cheat maker Blogs about it and other topics at mayer.cool#BHUSA BlackHatEventsOverview IntroductionMacOS in the Modern EnterpriseJamf Management and

3、PermissionsPros and Cons of Jamf AbuseTool References Privilege EscalationAccountsApi Integrations Code ExecutionPolicies and ScriptsPoliciesComputer Extension Attributes Defensive RecommendationsLocal vs.Cloud Deployments Credits and Kudos Questions#BHUSA BlackHatEventsIntroduction MacOS in Modern

4、Enterprises macOS is popular with developers,cloud admins,IT engineers,and users with privileged technical access#BHUSA BlackHatEventsIntroduction MacOS in Modern Enterprises macOS is popular with developers,cloud admins,IT engineers,and users with privileged technical access Often macOS devices are

5、 initially setup with a Jamf Pro enrollment and integrated with a cloud provider like Azure,then not monitored as much afterwards#BHUSA BlackHatEventsIntroduction MacOS in Modern Enterprises macOS is popular with developers,cloud admins,IT engineers,and users with privileged technical access Often m

6、acOS devices are initially setup with a Jamf Pro enrollment and integrated with a cloud provider like Azure,then not monitored as much afterwards Sharing some of the most dangerous attack paths we have discovered in client environments regarding Jamf Pro#BHUSA BlackHatEventsIntroduction Jamf Managem